Subversion Discloses Potentially Sensitive Revision Properties to Remote Authenticated Users in Certain Cases

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1018237

SecurityTracker URL: http://securitytracker.com/id/1018237

CVE Reference: CVE-2007-2448 (Links to External Site)

Date: Jun 13 2007

Impact: Disclosure of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.4.3 and prior versions

Impact: A remote authenticated user can obtain potentially sensitive revision properties information.

Solution: The vendor has issued a fixed version (1.4.4).

The Subversion advisory is available at:

http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

Vendor URL: subversion.tigris.org/security/CVE-2007-2448-advisory.txt (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Date: Tue, 12 Jun 2007 20:03:18 -0400
Subject: Subversion


http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

CVE-2007-2448